Two Fat Men, One Filesystem
Signedness
44CON 2024 · Day 2 · Main
This talk, "Two Fat Men, One Filesystem," presented by Signedness, covers a series of "unbelievable" and long-standing server-side vulnerabilities in the Network File System (NFS) protocol, focusing on versions 2 and 3. The speaker highlights fundamental design flaws that let remote attackers gain full filesystem access and, in many cases, achieve remote code execution on vulnerable systems. The research primarily targets BSD-derived operating systems but also touches on older Linux and Apple implementations, revealing bugs that the speaker contends should have been discovered and patched decades ago.
AI review
Signedness drops a genuinely embarrassing set of findings against NFS — a protocol so old it should have had every corner examined twice by now. The LOOKUP-dot-dot traversal chain working against current OpenBSD and FreeBSD is not a theoretical curiosity; it's a fully weaponized root shell on a live demo box, and the IP-spoofing-to-bypass-MountD trick ties the attack chain together cleanly. Solid research with real CVE-grade impact, held back from a 5 only by the fact that NFS weaknesses aren't exactly virgin territory and a few of the sub-findings (weak file handle entropy, mknod abuse) are…